Mandrake Linux Security Advisory : clamav (MDKSA-2006:067)
critical Nessus Plugin ID 21202
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled (CVE-2006-1614).Format strings in the logging code could possibly lead to the execution of arbitrary code (CVE-2006-1615).
David Luyer found that ClamAV could be tricked into an invalid memory access in the cli_bitset_set() function, which could lead to a Denial of Service (CVE-2006-1630).
This update provides ClamAV 0.88.1 which corrects this issue and also fixes some other bugs.
Solution
Update the affected packages.Plugin Details
Severity: Critical
ID: 21202
File Name: mandrake_MDKSA-2006-067.nasl
Version: 1.16
Type: local
Family: Mandriva Local Security Checks
Published: 4/8/2006
Updated: 1/6/2021
Dependencies: ssh_get_info.nasl
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:clamav, p-cpe:/a:mandriva:linux:clamav-db, p-cpe:/a:mandriva:linux:clamav-milter, p-cpe:/a:mandriva:linux:clamd, p-cpe:/a:mandriva:linux:lib64clamav1, p-cpe:/a:mandriva:linux:lib64clamav1-devel, p-cpe:/a:mandriva:linux:libclamav1, p-cpe:/a:mandriva:linux:libclamav1-devel, cpe:/o:mandriva:linux:2006, x-cpe:/o:mandrakesoft:mandrake_linux:le2005
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 4/7/2006
Reference Information
MDKSA: 2006:067